DETECTION OVERVIEW

Ivanti Sentry Exploit - CVE-2023-38035

Risk Factors

Devices running Invati Sentry are typically internet-facing, and this vulnerability affects many versions of Sentry. An attacker can exploit this vulnerability with public code to gain complete control of a device.

Kill Chain

Exploitation

Risk Score

Attack Background

Ivanti Sentry, formerly known as MobileIron Core, is a gateway for mobile devices. An authentication bypass vulnerability exists in the System Manager Portal because of an Apache HTTPD misconfiguration. This vulnerability enables unauthenticated attackers to remotely run commands through the administrative web UI on port 8443. To exploit this vulnerability, an attacker sends an HTTPS POST request to the /mics/services/MICSLogService API endpoint with the malicious command in the HTTP request body.

Mitigation Options

Apply relevant patches
Block external access on port 8443
Restrict port 8443 to a management network that only IT Administrators have access to

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases